Millions at risk from Java Virtual Machine flaw

Security experts have warned that millions of computer desktops are at risk from a newly discovered vulnerability in Sun Microsystems' Java Virtual Machine (JVM).

IT security firm CyberGuard claimed that the Java flaw, which is present in the JVM on most desktop computers, "poses a significant security threat because it will not be closed by the usual Microsoft update process".

"JVM is used extensively by many online services such as maps or chat portals," said Horst Joepen, chief executive of CyberGuard's Webwasher subsidiary.

"This vulnerability could have a major impact on most enterprises, since even those with strict security policies do not usually forbid the download or use of Java."

Joepen explained that the vulnerability is currently available only as a 'proof of concept' code, and that there had been no recorded outbreak of a virus or worm.

However, he said that once a "vulnerability of this magnitude" is exposed, it is usually not long before the hackers produce an exploit.

"Most PCs are vulnerable, since JVM is downloaded when users try to access websites that check for a JVM and then ask the user to automatically install it," Joepen said. "Since the Sun JVM is not part of Windows, Microsoft patches won't help."